Managed Services
We operate Ira so you don't have to
Ghost Vector runs Ira on your behalf — 24/7 monitoring, triage, and escalation for your AWS environment. Same system, same explainability, none of the operational overhead.
The Case for Managed
Your security team has better things to do
Ira is a powerful system, but operating it well requires dedicated attention — tuning detection thresholds, reviewing drift baselines, maintaining Terraform state, and staying current with evolving AWS threat patterns. That is operational work. It does not require your domain expertise.
Ghost Vector's managed services let your team focus on the decisions that matter: approving or rejecting containment recommendations, refining your security posture, and responding to incidents. We handle everything upstream — deployment, monitoring, tuning, and triage. You retain full control and full visibility.
Service Offerings
Three ways to engage
Managed Detection & Response
24/7 monitoring and triage of your AWS environment. Ghost Vector analysts operate Ira continuously, investigate findings, and escalate validated incidents to your team with full context and containment recommendations.
Includes:
- Continuous monitoring across all configured telemetry sources
- Analyst-validated triage — no raw alert forwarding
- Escalation with ranked containment recommendations
- Monthly posture reports with drift analysis
- Defined SLAs for acknowledgement and escalation
Threat Hunting
Scheduled and ad-hoc investigation of your AWS environment for threats that evade automated detection. Ghost Vector analysts use Ira's sub-agents to run targeted queries across CloudTrail, VPC Flow, S3 Access, and Config data — looking for patterns that rules alone will miss.
Includes:
- Quarterly threat hunt cycles (or on-demand)
- Hunt hypotheses informed by current AWS threat intelligence
- Full written report per engagement with findings and recommendations
- Identified gaps fed back into detection tuning
Deployment & Onboarding
White-glove deployment of Ira into your AWS account. We handle the Terraform provisioning, telemetry source integration, IAM role configuration, and initial environment tuning. You are operational in days, not weeks.
Includes:
- Terraform deployment into your AWS account
- Integration with CloudTrail, VPC Flow Logs, S3, GuardDuty, Config
- IAM role provisioning with least-privilege scoping
- Initial baseline tuning to reduce noise from day one
- Knowledge transfer session with your security team
Engagement Model
What the engagement looks like
-
Scoping & deployment
We assess your AWS environment, identify telemetry sources, and deploy Ira via Terraform into your account. Typical deployment: 2–5 business days.
-
Baseline & tuning
Ira runs in observation mode while we establish your environment’s baseline. We tune thresholds, suppress known-good patterns, and validate detection coverage. Duration depends on environment complexity.
-
Operational handover
Ghost Vector begins active monitoring. Findings are triaged by our analysts before anything reaches your team. You receive validated incidents with full context, not raw alerts.
-
Ongoing operation
Continuous monitoring, periodic threat hunts, monthly posture reports. Detection logic is updated as AWS threat patterns evolve. Your team approves containment actions — we handle everything else.
Your Environment, Your Control
What stays the same
Approval authority
Every containment recommendation still requires your explicit approval. Ghost Vector analysts triage and investigate. Your team makes the call.
Full audit trail
All analysis logs, findings, scores, and recommendations remain in your AWS account. The same auditability guarantees apply whether you operate Ira or we do.
Single-tenant deployment
Ira runs in your account. There is no shared infrastructure, no co-mingled data, no multi-tenant backend. The managed service changes who operates the system, not where it runs.
Transparency
You have read access to every dashboard, every finding, every detection rule. We do not gate visibility behind service tiers. If Ira can see it, you can see it.